l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
September 2: Social Gathering 		Next Installfest:
Sat. Sept. 27, 10am-6pm
 		Latest News:
Aug. 30: September Installfest scheduled 		Page last updated:
2004 Mar 06 19:06
Events
 Meetings
 Installfests
 Demos
 Photos
Services
 Library
 LERT
 Jobs
 Documents
Interact
 Mailing Lists
 - Search
 - Archives
 Chat
About Us
 Members
 Projects
 Testimonials
 Call for Speakers
 Why Not MS?
 Finances
 Sponsors

^Home
?Search
?News & RSS
?Calendar
@Contact Us
$Buy Stuff
=Printable


The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

 Report this post as spam:

(Enter your email address)
Re: [vox] Open Source and Security
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] Open Source and Security

Here is my (naive) view of software security:

1. old software is insecure because un-patched exploits have been discovered long ago, but it is so old no one wants to fix it

2. recently released software is mostly secure because easy exploits are found quickly and patches are available; less obvious exploits are not yet known

3. bleeding edge, pre-released software is insecure because fixes for easy exploits are not yet available.

This applies to both proprietary software (PS) and open-source software (OSS). Note that for both PS and OSS, it is the responsibility of the end user to keep up-to-date on security vulnerabilities and make the appropriate updates. A decided advantage of OSS is that _anyone_, including yourself, can fix security problems, even for case 1. But with PS, you are in the hands of the software vendor. Also, OSS is often more secure to start with because more people can look at the code and anticipate problems.

It sounds like the person quoted here falls under case 1, where an old version of a RH distro is being used that RH inc no longer supports. He/she probably ought to switch linux distributions or purchase RHE.

Jonathan


Byron Roberts wrote:
Here is an excerpt from a post on the CVBIG list that I belong to:

[snip]
The problems with Linux are that RedHat (our operating system) no longer supports further updates, the Linux operating system has three system vulnerabilities, which need to be fixed, and it is open source (I know I touched on something sacred here, but no programmer likes to redo old code, especially someone elses, so I'm concerned the security vulnerabilities will not get fixed).
[snip]

I feel like I'm totally missing something here....I thought that one of the big advantages of OSS was increased security, precisely because the code is accessible and able to be modified? Or as a newbie is there some piece of information that I'm lacking?
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox

_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

 CD Burns Wanted!

LUGOD: Linux Users' Group of Davis
1105 Kennedy Place, Suite 1, Davis, CA 95616
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

 Sponsored in part by:
Richard Mancusi
For a generous donation to allow us to continue meeting at the Davis Library.